package com.org.cys.controller.system;

import java.util.List;

import javax.annotation.Resource;

import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.org.cys.controller.base.BaseController;
import com.org.cys.pojo.base.Const;
import com.org.cys.service.system.PrivilegeRoleService;
import com.org.cys.service.system.PrivilegeService;
import com.org.cys.service.system.RoleService;
import com.org.cys.service.system.UserRoleService;
import com.org.cys.service.system.UserService;
import com.org.cys.util.MD5;
import com.org.cys.util.MapUtil;
import com.org.cys.util.PageData;
import com.org.cys.util.StringUtil;  
  

/**
 * 后台登录Controller
 * @author caiyushen
 * */
@Controller  
@RequestMapping("/login")  
public class LoginController extends BaseController{  
    
	private static Logger logger = Logger.getLogger(LoginController.class);
	
	@Resource(name="userServiceImpl")
    private UserService userService;  
     
	@Resource(name="roleServiceImpl")
	private RoleService roleService;
    
	@Resource(name="userRoleServiceImpl")
	private UserRoleService userRoleService;
	
	@Resource(name="privilegeServiceImpl")
	private PrivilegeService privilegeService;
	
	@Resource(name="privilegeRoleServiceImpl")
	private PrivilegeRoleService privilegeRoleService;
	
	/**
	 * 跳转到登录页面
	 * */
	@RequestMapping(value="/toLogin",method = RequestMethod.GET)
	public String toLogin(){
		return "admin/login";
	}
	
	/**
	 * 登录操作
	 * @return
	 * */
	@RequestMapping(value="/login",method = RequestMethod.POST)
	@ResponseBody
    public PageData login(@RequestBody PageData pd) throws Exception{  
		logger.info("method login() param: "+pd.toString());
		PageData result = new PageData();
		//获取前端传过来的账号
		String userAccount = MapUtil.getString(pd,"userAccount").trim();
		//获取前端传过来的密码
		String jspPassword = MapUtil.getString(pd,"userPassword").trim();
		
		if(!StringUtil.checkObj(userAccount)){
			 logger.error("用户账号不能为空！");
			 result.put("success", false);
			 result.put("error", "用户账号不能为空！");
			 return result;  
		}
		if(!StringUtil.checkObj(jspPassword)){
			 logger.error("用户密码不能为空！");
			 result.put("success", false);
			 result.put("error", "用户密码不能为空！");
			 return result;  
		}
		
		//根据用户账号获取数据列表
		List<PageData> userList = userService.getListByAccount(userAccount);
		if(!StringUtil.checkObj(userList)){
			logger.error("用户账号不存在！");
			result.put("success", false);
			result.put("error", "用户账号不存在！");
			return result;  
		}
		
		PageData user = userList.get(0);
		//获取数据库用户的密码
		String userPassword = MapUtil.getString(user,"userPassword");
		if(!userPassword.equals(MD5.convertPassword(userAccount,jspPassword))){
			logger.error("用户账号或密码错误！");
			result.put("success", false);
			result.put("error", "用户账号或密码错误！");
			return result;  
		}
		
		Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(userAccount, userPassword);
        currentUser.login(token);//会跳到我们自定义的realm中--》shiroRealm
        Session session = currentUser.getSession();//获取Session
        session.setAttribute(Const.sessionUser,user);//将User数据到session里面
        session.setAttribute(Const.sessionUserId,MapUtil.getLong(user, "id"));//将UserId数据到session里面
        logger.info(userAccount+"登录了系统后台！");
		result.put("success", true);
		return result;  
    }  
	
	/**
	 * 退出登录
	 * */
	@RequestMapping(value="/logout",method = RequestMethod.GET)
    public String logout() throws Exception{
		//shiro管理的session
		Subject currentUser = SecurityUtils.getSubject();  
		Session session = currentUser.getSession();
		PageData user = (PageData)session.getAttribute(Const.sessionUser);
		logger.info(MapUtil.getString(user,"userAccount")+"退出登录");
		session.removeAttribute(Const.sessionUser);
		session.removeAttribute(Const.sessionUserId);
		//shiro销毁登录
		currentUser.logout();
		return "admin/login";
	}
	
}  